From: "Daniel P. Berrange" <berrange@redhat.com>
To: qemu-devel@nongnu.org
Cc: qemu-block@nongnu.org, Max Reitz <mreitz@redhat.com>,
Kevin Wolf <kwolf@redhat.com>, Alberto Garcia <berto@igalia.com>,
Eric Blake <eblake@redhat.com>,
"Daniel P. Berrange" <berrange@redhat.com>
Subject: [Qemu-devel] [PATCH v4 18/18] block: pass option prefix down to crypto layer
Date: Fri, 10 Feb 2017 17:09:10 +0000 [thread overview]
Message-ID: <20170210170910.8867-19-berrange@redhat.com> (raw)
In-Reply-To: <20170210170910.8867-1-berrange@redhat.com>
While the crypto layer uses a fixed option name "key-secret",
the upper block layer may have a prefix on the options. e.g.
"luks-key-secret", "aes-key-secret", in order to avoid clashes
between crypto option names & other block option names. To
ensure the crypto layer can report accurate error messages,
we must tell it what option name prefix was used.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
block/crypto.c | 4 ++--
block/qcow.c | 7 ++++---
block/qcow2.c | 15 +++++++++------
crypto/block-luks.c | 8 ++++++--
crypto/block-qcow.c | 8 ++++++--
crypto/block.c | 6 ++++--
crypto/blockpriv.h | 2 ++
include/crypto/block.h | 6 +++++-
tests/test-crypto-block.c | 8 ++++----
9 files changed, 42 insertions(+), 22 deletions(-)
diff --git a/block/crypto.c b/block/crypto.c
index 6d6bd90..22bc6ba 100644
--- a/block/crypto.c
+++ b/block/crypto.c
@@ -369,7 +369,7 @@ static int block_crypto_open_generic(QCryptoBlockFormat format,
if (flags & BDRV_O_NO_IO) {
cflags |= QCRYPTO_BLOCK_OPEN_NO_IO;
}
- crypto->block = qcrypto_block_open(open_opts,
+ crypto->block = qcrypto_block_open(open_opts, NULL,
block_crypto_read_func,
bs,
cflags,
@@ -409,7 +409,7 @@ static int block_crypto_create_generic(QCryptoBlockFormat format,
return -1;
}
- crypto = qcrypto_block_create(create_opts,
+ crypto = qcrypto_block_create(create_opts, NULL,
block_crypto_init_func,
block_crypto_write_func,
&data,
diff --git a/block/qcow.c b/block/qcow.c
index e4288d5..dc0e9bc 100644
--- a/block/qcow.c
+++ b/block/qcow.c
@@ -197,8 +197,8 @@ static int qcow_open(BlockDriverState *bs, QDict *options, int flags,
if (flags & BDRV_O_NO_IO) {
cflags |= QCRYPTO_BLOCK_OPEN_NO_IO;
}
- s->crypto = qcrypto_block_open(crypto_opts, NULL, NULL,
- cflags, errp);
+ s->crypto = qcrypto_block_open(crypto_opts, "aes-",
+ NULL, NULL, cflags, errp);
if (!s->crypto) {
ret = -EINVAL;
goto fail;
@@ -824,7 +824,8 @@ static int qcow_create(const char *filename, QemuOpts *opts, Error **errp)
goto exit;
}
- crypto = qcrypto_block_create(crypto_opts, NULL, NULL, NULL, errp);
+ crypto = qcrypto_block_create(crypto_opts, "aes-",
+ NULL, NULL, NULL, errp);
if (!crypto) {
ret = -EINVAL;
goto exit;
diff --git a/block/qcow2.c b/block/qcow2.c
index 561084f..4515f77 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -284,7 +284,7 @@ static int qcow2_read_extensions(BlockDriverState *bs, uint64_t start_offset,
* provide the same key-secret property against the full
* backing chain
*/
- s->crypto = qcrypto_block_open(s->crypto_opts,
+ s->crypto = qcrypto_block_open(s->crypto_opts, "luks-",
qcow2_crypto_hdr_read_func,
bs, cflags, errp);
if (!s->crypto) {
@@ -1293,8 +1293,8 @@ static int qcow2_open(BlockDriverState *bs, QDict *options, int flags,
* provide the same key-secret property against the full
* backing chain
*/
- s->crypto = qcrypto_block_open(s->crypto_opts, NULL, NULL,
- cflags, errp);
+ s->crypto = qcrypto_block_open(s->crypto_opts, "aes-",
+ NULL, NULL, cflags, errp);
if (!s->crypto) {
ret = -EINVAL;
goto fail;
@@ -2211,14 +2211,17 @@ static int qcow2_set_up_encryption(BlockDriverState *bs, QemuOpts *opts,
QCryptoBlockCreateOptions *cryptoopts = NULL;
QCryptoBlock *crypto = NULL;
int ret = -EINVAL;
+ const char *optprefix;
if (g_str_equal(format, "luks")) {
+ optprefix = "luks-";
cryptoopts = block_crypto_create_opts_init(
- Q_CRYPTO_BLOCK_FORMAT_LUKS, opts, "luks-", errp);
+ Q_CRYPTO_BLOCK_FORMAT_LUKS, opts, optprefix, errp);
s->crypt_method_header = QCOW_CRYPT_LUKS;
} else if (g_str_equal(format, "aes")) {
+ optprefix = "aes-";
cryptoopts = block_crypto_create_opts_init(
- Q_CRYPTO_BLOCK_FORMAT_QCOW, opts, "aes-", errp);
+ Q_CRYPTO_BLOCK_FORMAT_QCOW, opts, optprefix, errp);
s->crypt_method_header = QCOW_CRYPT_AES;
} else {
error_setg(errp, "Unknown encryption format %s", format);
@@ -2230,7 +2233,7 @@ static int qcow2_set_up_encryption(BlockDriverState *bs, QemuOpts *opts,
goto out;
}
- crypto = qcrypto_block_create(cryptoopts,
+ crypto = qcrypto_block_create(cryptoopts, optprefix,
qcow2_crypto_hdr_init_func,
qcow2_crypto_hdr_write_func,
bs, errp);
diff --git a/crypto/block-luks.c b/crypto/block-luks.c
index 4530f82..4a4c4a0 100644
--- a/crypto/block-luks.c
+++ b/crypto/block-luks.c
@@ -638,6 +638,7 @@ qcrypto_block_luks_find_key(QCryptoBlock *block,
static int
qcrypto_block_luks_open(QCryptoBlock *block,
QCryptoBlockOpenOptions *options,
+ const char *optprefix,
QCryptoBlockReadFunc readfunc,
void *opaque,
unsigned int flags,
@@ -661,7 +662,8 @@ qcrypto_block_luks_open(QCryptoBlock *block,
if (!(flags & QCRYPTO_BLOCK_OPEN_NO_IO)) {
if (!options->u.luks.key_secret) {
- error_setg(errp, "Parameter 'key-secret' is required for cipher");
+ error_setg(errp, "Parameter '%skey-secret' is required for cipher",
+ optprefix ? optprefix : "");
return -1;
}
password = qcrypto_secret_lookup_as_utf8(
@@ -885,6 +887,7 @@ qcrypto_block_luks_uuid_gen(uint8_t *uuidstr)
static int
qcrypto_block_luks_create(QCryptoBlock *block,
QCryptoBlockCreateOptions *options,
+ const char *optprefix,
QCryptoBlockInitFunc initfunc,
QCryptoBlockWriteFunc writefunc,
void *opaque,
@@ -937,7 +940,8 @@ qcrypto_block_luks_create(QCryptoBlock *block,
* be silently ignored, for compatibility with dm-crypt */
if (!options->u.luks.key_secret) {
- error_setg(errp, "Parameter 'key-secret' is required for cipher");
+ error_setg(errp, "Parameter '%skey-secret' is required for cipher",
+ optprefix ? optprefix : "");
return -1;
}
password = qcrypto_secret_lookup_as_utf8(luks_opts.key_secret, errp);
diff --git a/crypto/block-qcow.c b/crypto/block-qcow.c
index be88c6f..a456fe3 100644
--- a/crypto/block-qcow.c
+++ b/crypto/block-qcow.c
@@ -94,6 +94,7 @@ qcrypto_block_qcow_init(QCryptoBlock *block,
static int
qcrypto_block_qcow_open(QCryptoBlock *block,
QCryptoBlockOpenOptions *options,
+ const char *optprefix,
QCryptoBlockReadFunc readfunc G_GNUC_UNUSED,
void *opaque G_GNUC_UNUSED,
unsigned int flags,
@@ -104,7 +105,8 @@ qcrypto_block_qcow_open(QCryptoBlock *block,
} else {
if (!options->u.qcow.key_secret) {
error_setg(errp,
- "Parameter 'key-secret' is required for cipher");
+ "Parameter '%skey-secret' is required for cipher",
+ optprefix ? optprefix : "");
return -1;
}
return qcrypto_block_qcow_init(block,
@@ -116,13 +118,15 @@ qcrypto_block_qcow_open(QCryptoBlock *block,
static int
qcrypto_block_qcow_create(QCryptoBlock *block,
QCryptoBlockCreateOptions *options,
+ const char *optprefix,
QCryptoBlockInitFunc initfunc G_GNUC_UNUSED,
QCryptoBlockWriteFunc writefunc G_GNUC_UNUSED,
void *opaque G_GNUC_UNUSED,
Error **errp)
{
if (!options->u.qcow.key_secret) {
- error_setg(errp, "Parameter 'key-secret' is required for cipher");
+ error_setg(errp, "Parameter '%skey-secret' is required for cipher",
+ optprefix ? optprefix : "");
return -1;
}
/* QCow2 has no special header, since everything is hardwired */
diff --git a/crypto/block.c b/crypto/block.c
index 64c8420..b097d45 100644
--- a/crypto/block.c
+++ b/crypto/block.c
@@ -48,6 +48,7 @@ bool qcrypto_block_has_format(QCryptoBlockFormat format,
QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOptions *options,
+ const char *optprefix,
QCryptoBlockReadFunc readfunc,
void *opaque,
unsigned int flags,
@@ -67,7 +68,7 @@ QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOptions *options,
block->driver = qcrypto_block_drivers[options->format];
- if (block->driver->open(block, options,
+ if (block->driver->open(block, options, optprefix,
readfunc, opaque, flags, errp) < 0) {
g_free(block);
return NULL;
@@ -78,6 +79,7 @@ QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOptions *options,
QCryptoBlock *qcrypto_block_create(QCryptoBlockCreateOptions *options,
+ const char *optprefix,
QCryptoBlockInitFunc initfunc,
QCryptoBlockWriteFunc writefunc,
void *opaque,
@@ -97,7 +99,7 @@ QCryptoBlock *qcrypto_block_create(QCryptoBlockCreateOptions *options,
block->driver = qcrypto_block_drivers[options->format];
- if (block->driver->create(block, options, initfunc,
+ if (block->driver->create(block, options, optprefix, initfunc,
writefunc, opaque, errp) < 0) {
g_free(block);
return NULL;
diff --git a/crypto/blockpriv.h b/crypto/blockpriv.h
index 68f0f06..0edb810 100644
--- a/crypto/blockpriv.h
+++ b/crypto/blockpriv.h
@@ -41,6 +41,7 @@ struct QCryptoBlock {
struct QCryptoBlockDriver {
int (*open)(QCryptoBlock *block,
QCryptoBlockOpenOptions *options,
+ const char *optprefix,
QCryptoBlockReadFunc readfunc,
void *opaque,
unsigned int flags,
@@ -48,6 +49,7 @@ struct QCryptoBlockDriver {
int (*create)(QCryptoBlock *block,
QCryptoBlockCreateOptions *options,
+ const char *optprefix,
QCryptoBlockInitFunc initfunc,
QCryptoBlockWriteFunc writefunc,
void *opaque,
diff --git a/include/crypto/block.h b/include/crypto/block.h
index b6971de..c0c202a 100644
--- a/include/crypto/block.h
+++ b/include/crypto/block.h
@@ -71,6 +71,7 @@ typedef enum {
/**
* qcrypto_block_open:
* @options: the encryption options
+ * @optprefix: name prefix for options
* @readfunc: callback for reading data from the volume
* @opaque: data to pass to @readfunc
* @flags: bitmask of QCryptoBlockOpenFlags values
@@ -102,6 +103,7 @@ typedef enum {
* Returns: a block encryption format, or NULL on error
*/
QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOptions *options,
+ const char *optprefix,
QCryptoBlockReadFunc readfunc,
void *opaque,
unsigned int flags,
@@ -109,7 +111,8 @@ QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOptions *options,
/**
* qcrypto_block_create:
- * @format: the encryption format
+ * @options: the encryption options
+ * @optprefix: name prefix for options
* @initfunc: callback for initializing volume header
* @writefunc: callback for writing data to the volume header
* @opaque: data to pass to @initfunc and @writefunc
@@ -133,6 +136,7 @@ QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOptions *options,
* Returns: a block encryption format, or NULL on error
*/
QCryptoBlock *qcrypto_block_create(QCryptoBlockCreateOptions *options,
+ const char *optprefix,
QCryptoBlockInitFunc initfunc,
QCryptoBlockWriteFunc writefunc,
void *opaque,
diff --git a/tests/test-crypto-block.c b/tests/test-crypto-block.c
index 1957a86..f018692 100644
--- a/tests/test-crypto-block.c
+++ b/tests/test-crypto-block.c
@@ -281,7 +281,7 @@ static void test_block(gconstpointer opaque)
memset(&header, 0, sizeof(header));
buffer_init(&header, "header");
- blk = qcrypto_block_create(data->create_opts,
+ blk = qcrypto_block_create(data->create_opts, NULL,
test_block_init_func,
test_block_write_func,
&header,
@@ -300,7 +300,7 @@ static void test_block(gconstpointer opaque)
object_unparent(sec);
/* Ensure we can't open without the secret */
- blk = qcrypto_block_open(data->open_opts,
+ blk = qcrypto_block_open(data->open_opts, NULL,
test_block_read_func,
&header,
0,
@@ -308,7 +308,7 @@ static void test_block(gconstpointer opaque)
g_assert(blk == NULL);
/* Ensure we can't open without the secret, unless NO_IO */
- blk = qcrypto_block_open(data->open_opts,
+ blk = qcrypto_block_open(data->open_opts, NULL,
test_block_read_func,
&header,
QCRYPTO_BLOCK_OPEN_NO_IO,
@@ -322,7 +322,7 @@ static void test_block(gconstpointer opaque)
/* Now open for real with secret */
sec = test_block_secret();
- blk = qcrypto_block_open(data->open_opts,
+ blk = qcrypto_block_open(data->open_opts, NULL,
test_block_read_func,
&header,
0,
--
2.9.3
next prev parent reply other threads:[~2017-02-10 17:10 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-02-10 17:08 [Qemu-devel] [PATCH v4 00/18] Convert QCow[2] to QCryptoBlock & add LUKS support Daniel P. Berrange
2017-02-10 17:08 ` [Qemu-devel] [PATCH v4 01/18] block: expose crypto option names / defs to other drivers Daniel P. Berrange
2017-02-10 17:08 ` [Qemu-devel] [PATCH v4 02/18] block: add ability to set a prefix for opt names Daniel P. Berrange
2017-02-10 17:08 ` [Qemu-devel] [PATCH v4 03/18] qcow: document another weakness of qcow AES encryption Daniel P. Berrange
2017-02-10 17:08 ` [Qemu-devel] [PATCH v4 04/18] qcow: require image size to be > 1 for new images Daniel P. Berrange
2017-02-10 17:08 ` [Qemu-devel] [PATCH v4 05/18] iotests: skip 042 with qcow which dosn't support zero sized images Daniel P. Berrange
2017-02-10 17:08 ` [Qemu-devel] [PATCH v4 06/18] iotests: skip 048 with qcow which doesn't support resize Daniel P. Berrange
2017-02-10 17:08 ` [Qemu-devel] [PATCH v4 07/18] iotests: fix 097 when run with qcow Daniel P. Berrange
2017-02-10 17:09 ` [Qemu-devel] [PATCH v4 08/18] qcow: make encrypt_sectors encrypt in place Daniel P. Berrange
2017-02-13 10:47 ` Alberto Garcia
2017-02-10 17:09 ` [Qemu-devel] [PATCH v4 09/18] qcow: convert QCow to use QCryptoBlock for encryption Daniel P. Berrange
2017-02-13 14:53 ` Alberto Garcia
2017-02-10 17:09 ` [Qemu-devel] [PATCH v4 10/18] qcow2: make qcow2_encrypt_sectors encrypt in place Daniel P. Berrange
2017-02-10 17:09 ` [Qemu-devel] [PATCH v4 11/18] qcow2: convert QCow2 to use QCryptoBlock for encryption Daniel P. Berrange
2017-02-12 2:36 ` Max Reitz
2017-02-15 14:29 ` Alberto Garcia
2017-02-10 17:09 ` [Qemu-devel] [PATCH v4 12/18] qcow2: extend specification to cover LUKS encryption Daniel P. Berrange
2017-02-15 15:18 ` Alberto Garcia
2017-02-10 17:09 ` [Qemu-devel] [PATCH v4 13/18] qcow2: add support for LUKS encryption format Daniel P. Berrange
2017-02-16 13:42 ` Alberto Garcia
2017-02-20 18:18 ` Daniel P. Berrange
2017-02-10 17:09 ` [Qemu-devel] [PATCH v4 14/18] qcow2: add iotests to cover LUKS encryption support Daniel P. Berrange
2017-02-16 13:51 ` Alberto Garcia
2017-02-10 17:09 ` [Qemu-devel] [PATCH v4 15/18] iotests: enable tests 134 and 158 to work with qcow (v1) Daniel P. Berrange
2017-02-15 15:39 ` Alberto Garcia
2017-02-10 17:09 ` [Qemu-devel] [PATCH v4 16/18] block: rip out all traces of password prompting Daniel P. Berrange
2017-02-10 17:09 ` [Qemu-devel] [PATCH v4 17/18] block: remove all encryption handling APIs Daniel P. Berrange
2017-02-10 17:09 ` Daniel P. Berrange [this message]
2017-02-12 2:39 ` [Qemu-devel] [PATCH v4 18/18] block: pass option prefix down to crypto layer Max Reitz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170210170910.8867-19-berrange@redhat.com \
--to=berrange@redhat.com \
--cc=berto@igalia.com \
--cc=eblake@redhat.com \
--cc=kwolf@redhat.com \
--cc=mreitz@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.